51
4. Achievements 4.1. Publications
Monthly security bulletins: Monthly security bulletin comprises of Statistics of incidents handled by CERT-In, information on vulnerabilities in various Operating
Systems and applications tracked, Cyber intrusion trends and other relevant IT security issues.
Summary of Website Defacements depicting break-up of the websites defaced, top defacers and vulnerabilities and suggestions on best practices to secure web
applications and web servers is published and circulated to all CISOs on monthly basis.
Security Tips: Security tips for general users advising best practices to secure Mobile Devices, USB storage, Broadband routers, Desktops etc and secure usage of
creditdebit cards online, preventive steps against phishing attacks were published.
4.2. Cyber Security Assurance initiatives
• National Cyber Security Policy-2013NCSP-2013 was released by Government
in August 2013 for public use and implementation with all relevant stakeholders. The objective of the policy is to create a framework for
comprehensive, collaborative and collective response to deal with the issue of cyber security at all levels within the country.
• Government and critical sector organizations are implementing the security
best practices in accordance with ISO 27001 standard and as per the advice issued by CERT-In. So far, 10 implementation enabling
workshopsinteractions have been conducted. Services of CERT-In empanelled IT security auditors are being used to verify compliance.
• 45 auditors were empanelled for audit of IT infrastructure after a fresh round
of skill assessment in the year 2014. •
CERT-In has also carried out security audits of some of the organizations in the critical sector.
5.
International collaboration
52 •
CERT-In has established collaborations with international security organisations and CERTs to facilitate exchange of information related to latest
cyber security threats and international best practices. CERT-In is a member of Forum of Incident Response and Security Teams FIRST, APCERT and
Anti-Phishing Working Group APWG. •
Collaborating with overseas CERTs such as US-CERT, for information exchange and Joint cyber exercises.
• CERT-In signed a MoU with Korea Internet Security Agency KISA in
January, 2014 to enable information sharing and collaboration for incident resolution.
6.
Future PlansProjects
6.1 Future projects
CERT-In has been evolved as the most trusted referral agency in the area of information security in the country. The future plans envisaged are:
• Creation of a framework for comprehensive, collaborative and collective
response to deal with the issue of cyber security at all levels within the country •
Promotion of RD activities in the areas of attack detection prevention, Cyber Forensics and malware detection prevention.
• Development and implementation of a crisis management framework to enable
organisations to respond to cyber incidents and assess the preparedness of organisations to withstand cyber attacks
• Creation of framework and facility for collection, correlation and analysis of
security events in real time and generating early warning to constituency. •
Creation of facilities to detect and clean the Botnet infected systems in coordination with Industry
Contact Information Postal Address:
Indian Computer Emergency Response Team CERT-In Department of Electronics information Technology
Ministry of Communication information technology
53 Government of India
Electronic Niketan 6, CGO Complex, Lodhi Road
New Delhi – 110003 India
Incident Response Help Desk: Phone: +91-11-24368572
+91-1800-11-4949 Toll Free Fax: +91-11-24368546
+91-1800-11-6969 Toll Free PGP Key Details:
User ID: incidentcert-in.org.in Key ID: 0x9E346D2C
Fingerprint: 4871 0429 EB42 0423 4E6A FAD6 B2D5 5C16 9E34 6D2C User ID: infocert-in.org.in
advisorycert-in.org.in Key ID: 0x2D85A787
Fingerprint: D1F0 6048 20A9 56B9 5DAA 02A8 0798 04C3 2D85 A787
54
CNCERTCC National Computer network Emergency Response technical Team Coordination Center
of China - People’s Republic of China
1.
About CNCERTCC
1.1. Introduction